Post

Advisory CVE-2020-13772 – Ivanti Unified Endpoint Manager system information disclosure

Advisory CVE-2020-13772 – Ivanti Unified Endpoint Manager system information disclosure
Advisory CVE-2020-13772 – Ivanti Unified Endpoint Manager system information disclosure
Posted By xnand
1 min read

Software: Ivanti Endpoint Manager Affected Versions: <= 2020.1.1 Vendor page: www.ivanti.com CVE Reference: CVE-2020-13772 Published: 13/11/2020 CVSS 3.1 Score: 5.3 – AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Attack Vector: Remote, unauthenticated Credits: Andrei Constantin Scutariu, Lenk Ratchakrit, Calvin Yau

Summary

Ivanti Unified Endpoint Manager’s “ldcient” component expose information about the system that could be used in further attacks against the system.

Mitigation

There is currently no fix for this issue. The vendor has yet to release a patch to address the vulnerability; it is advised to review the host configuration and monitor for suspicious activity. If possible, consider disabling or whitelisting access to the affected URLs.

Technical details

The following endpoint expose information about the system, such as environment variables, domain name, internal paths and CPU information:

  • /ldclient/ldprov.cgi, HTTP 9595
  • /ldclient/ldprov.cgi, HTTPS 9594
  • /ldclient/ldprov.cgi, HTTPS 9593

Timeline

15/04/2020: Issue reported to the vendor 16/04/2020: Vendor acknowledged the issues 02/06/2020: CVE number assigned from MITRE 13/07/2020: 90 days notice period for disclosure given to the vendor 13/11/2020: Advisory published by JUMPSEC

Jumpsec, Research
advisory cve cve-2020-13772 information-disclosure ivanti
This post is licensed under CC BY 4.0 by the author.